Add support for the TLS_AEGIS_128L_SHA256 cipher suite
jedisct1 committed Nov 14, 2024
1 parent 21f6c3b commit a861f7a
Showing 32 changed files with 1,052 additions and 10 deletions.
2 changes: 2 additions & 0 deletions Configure
@@ -416,6 +416,7 @@ my @dtls = qw(dtls1 dtls1_2);

my @disablables = (
"acvp-tests",
"aegis",
"afalgeng",
"apps",
"argon2",
@@ -615,6 +616,7 @@ our %disabled = ( # "what" => "comment"
my @disable_cascades = (
# "what" => [ "cascade", ... ]
"bulk" => [ "shared", "dso",
"aegis",
"aria", "async", "atexit", "autoload-config",
"blake2", "bf", "camellia", "cast", "chacha",
"cmac", "cms", "cmp", "comp", "ct",
9 changes: 6 additions & 3 deletions crypto/objects/obj_dat.h
@@ -1317,7 +1317,7 @@ static const unsigned char so[9220] = {
0x67,0x81,0x05,0x13,0x02,0x25, /* [ 9213] OBJ_tcg_tr_cat_PublicKey */
};

#define NUM_NID 1454
#define NUM_NID (1454 + 1)
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2773,9 +2773,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"tcg-tr-cat-platformFirmwareUpdateCompliance", "Platform Firmware Update Compliance Trait Category", NID_tcg_tr_cat_platformFirmwareUpdateCompliance, 6, &so[9201]},
{"tcg-tr-cat-RTM", "Root of Trust of Measurement Trait Category", NID_tcg_tr_cat_RTM, 6, &so[9207]},
{"tcg-tr-cat-PublicKey", "Public Key Trait Category", NID_tcg_tr_cat_PublicKey, 6, &so[9213]},
{"AEGIS-128L", "aegis-128l", NID_aegis_128l},
};

#define NUM_SN 1445
#define NUM_SN (1445 + 1)
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@@ -4222,9 +4223,10 @@ static const unsigned int sn_objs[NUM_SN] = {
160, /* "x509Crl" */
1093, /* "x509ExtAdmission" */
1289, /* "zstd" */
NUM_NID - 1, /* "aegis-128l" */
};

#define NUM_LN 1445
#define NUM_LN (1445 + 1)
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@@ -5671,6 +5673,7 @@ static const unsigned int ln_objs[NUM_LN] = {
1207, /* "x942kdf" */
1206, /* "x963kdf" */
125, /* "zlib compression" */
NUM_NID - 1, /* "aegis-128l" */
};

#define NUM_OBJ 1311
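Review bot: The entries appended at the end of `sn_objs` and `ln_objs` (`NUM_NID - 1, /* "aegis-128l" */`) break the ascending name order that every visible neighbour follows ("x509Crl", "x509ExtAdmission", "zstd"; "x942kdf", "x963kdf", "zlib compression"), since "AEGIS-128L" and "aegis-128l" sort much earlier. If these index tables are binary-searched by name, as that ordering suggests, a lookup of the new cipher by short or long name will likely miss even though the `nid_objs` entry itself is present. The hand-written `(1454 + 1)` counts, and the `sn_objs` comment that gives the long name rather than the short name "AEGIS-128L", suggest the file was edited by hand. Regenerating it from `objects.txt` and `obj_mac.num` should put both entries in sorted position with literal indices. All three arrays begin or continue outside the hunks shown here.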
1 change: 1 addition & 0 deletions crypto/objects/obj_mac.num
@@ -1451,3 +1451,4 @@ tcg_tr_cat_platformFirmwareSignatureVerification 1450
tcg_tr_cat_platformFirmwareUpdateCompliance 1451
tcg_tr_cat_RTM 1452
tcg_tr_cat_PublicKey 1453
aegis_128l 1454
3 changes: 2 additions & 1 deletion crypto/objects/objects.txt
@@ -1691,6 +1691,7 @@ sm-scheme 104 10 : SM4-XTS : sm4-xts
: AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
: ChaCha20-Poly1305 : chacha20-poly1305
: ChaCha20 : chacha20
: AEGIS-128L : aegis-128l

ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH

@@ -2014,4 +2015,4 @@ tcg-tr-category 33 : tcg-tr-cat-platformHardwareCapabilities : Platform Hardw
tcg-tr-category 34 : tcg-tr-cat-platformFirmwareSignatureVerification : Platform Firmware Signature Verification Trait Category
tcg-tr-category 35 : tcg-tr-cat-platformFirmwareUpdateCompliance : Platform Firmware Update Compliance Trait Category
tcg-tr-category 36 : tcg-tr-cat-RTM : Root of Trust of Measurement Trait Category
tcg-tr-category 37 : tcg-tr-cat-PublicKey : Public Key Trait Category
tcg-tr-category 37 : tcg-tr-cat-PublicKey : Public Key Trait Category
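--- a/include/crypto/aegis_128l.h
+++ b/include/crypto/aegis_128l.h
@@ -0,0 +1,7 @@
+#ifndef OSSL_CRYPTO_AEGIS_128L_H
+#define OSSL_CRYPTO_AEGIS_128L_H
+# pragma once
+
+#include <stddef.h>
+
+#endif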
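Review bot: This new header declares nothing: between the guard and `#endif` it only includes `<stddef.h>`, so no translation unit gains a prototype, type or constant from it. If it is a placeholder, it would be clearer to add the declarations it is meant to carry, or to leave the file out until they exist. It also has no file-header comment stating its purpose, which makes the intent hard to judge from this section alone.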
1 change: 1 addition & 0 deletions include/internal/quic_record_util.h
@@ -74,6 +74,7 @@ int ossl_quic_provide_initial_secret(OSSL_LIB_CTX *libctx,
# define QRL_SUITE_AES128GCM 1 /* SHA256 */
# define QRL_SUITE_AES256GCM 2 /* SHA384 */
# define QRL_SUITE_CHACHA20POLY1305 3 /* SHA256 */
# define QRL_SUITE_AEGIS128L 4 /* SHA256 */

/* Returns cipher name in bytes or NULL if suite ID is invalid. */
const char *ossl_qrl_get_suite_cipher_name(uint32_t suite_id);
1 change: 1 addition & 0 deletions include/internal/quic_wire_pkt.h
@@ -165,6 +165,7 @@ typedef struct quic_hdr_protector_st {
# define QUIC_HDR_PROT_CIPHER_AES_128 1
# define QUIC_HDR_PROT_CIPHER_AES_256 2
# define QUIC_HDR_PROT_CIPHER_CHACHA 3
# define QUIC_HDR_PROT_CIPHER_AEGIS_128L 4

/*
* Initialises a header protector.
3 changes: 2 additions & 1 deletion include/openssl/evp.h
@@ -35,7 +35,7 @@
# define EVP_MAX_KEY_LENGTH 64
# define EVP_MAX_IV_LENGTH 16
# define EVP_MAX_BLOCK_LENGTH 32
# define EVP_MAX_AEAD_TAG_LENGTH 16
# define EVP_MAX_AEAD_TAG_LENGTH 32

# define PKCS5_SALT_LEN 8
/* Default PKCS#5 iteration count */
@@ -480,6 +480,7 @@ typedef struct {

/* Length of tag for TLS */
# define EVP_CHACHAPOLY_TLS_TAG_LEN 16
# define EVP_AEGIS_128L_TLS_TAG_LEN 16

typedef struct evp_cipher_info_st {
const EVP_CIPHER *cipher;
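Review bot: Doubling `EVP_MAX_AEAD_TAG_LENGTH` from 16 to 32 in the first hunk changes a public constant that callers use to size tag buffers, and nothing in this section says why. Code compiled against the old header keeps 16-byte buffers, so any path that can report or write a tag longer than 16 bytes needs to check the length against the caller-supplied size rather than against this macro. The only tag length this section adds for TLS is `EVP_AEGIS_128L_TLS_TAG_LEN 16`, so the 32 presumably anticipates the 256-bit AEGIS tag. A comment next to the define such as `/* AEGIS permits 16- or 32-byte tags */`, together with a changelog entry, would make the change reviewable.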
4 changes: 4 additions & 0 deletions include/openssl/obj_mac.h
@@ -5308,6 +5308,10 @@
#define LN_chacha20 "chacha20"
#define NID_chacha20 1019

#define SN_aegis_128l "AEGIS-128L"
#define LN_aegis_128l "aegis-128l"
#define NID_aegis_128l 1454

#define SN_dhpublicnumber "dhpublicnumber"
#define LN_dhpublicnumber "X9.42 DH"
#define NID_dhpublicnumber 920
4 changes: 3 additions & 1 deletion include/openssl/ssl.h.in
@@ -150,6 +150,7 @@ extern "C" {
# define SSL_TXT_ARIA256 "ARIA256"
# define SSL_TXT_GOST2012_GOST8912_GOST8912 "GOST2012-GOST8912-GOST8912"
# define SSL_TXT_CBC "CBC"
# define SSL_TXT_AEGIS_128L "AEGIS-128L"

# define SSL_TXT_MD5 "MD5"
# define SSL_TXT_SHA1 "SHA1"
@@ -199,7 +200,8 @@ extern "C" {
* DEPRECATED IN 3.0.0, in favor of OSSL_default_ciphersuites()
* Update both macro and function simultaneously
*/
# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
# define TLS_DEFAULT_CIPHERSUITES "TLS_AEGIS_128L_SHA256:" \
"TLS_AES_256_GCM_SHA384:" \
"TLS_CHACHA20_POLY1305_SHA256:" \
"TLS_AES_128_GCM_SHA256"
# endif
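Review bot: In the second hunk `"TLS_AEGIS_128L_SHA256:"` is put first in `TLS_DEFAULT_CIPHERSUITES` unconditionally, while the provider entry in `providers/defltprov.c` is compiled only under `#ifndef OPENSSL_NO_AEGIS`. A `no-aegis` build may then list a default suite it cannot supply; building that prefix from a helper macro that expands to `""` when `OPENSSL_NO_AEGIS` is defined would keep the two in step. The comment above the macro requires `OSSL_default_ciphersuites()` to be updated at the same time, and that change is not visible in this section. Placing a newly added 128-bit suite ahead of `TLS_AES_256_GCM_SHA384` also changes what every default-configured peer that supports it will negotiate, which deserves an explicit justification in the commit description or changelog.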
4 changes: 4 additions & 0 deletions include/openssl/tls1.h
@@ -625,6 +625,8 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
# define TLS1_3_CK_AEGIS_256_SHA512 0x03001306
# define TLS1_3_CK_AEGIS_128L_SHA256 0x03001307

/* Integrity-only ciphersuites from RFC 9150 */
# define TLS1_3_CK_SHA256_SHA256 0x0300C0B4
@@ -711,6 +713,8 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
# define TLS1_3_RFC_SHA384_SHA384 "TLS_SHA384_SHA384"
# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256"
# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256"
# define TLS1_3_RFC_AEGIS_128L_SHA256 "TLS_AEGIS_128L_SHA256"
# define TLS1_3_RFC_AEGIS_256_SHA512 "TLS_AEGIS_256_SHA512"
# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"
# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
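Review bot: Both hunks define identifiers for `TLS_AEGIS_256_SHA512` (`TLS1_3_CK_AEGIS_256_SHA512` and `TLS1_3_RFC_AEGIS_256_SHA512`), but the commit title covers only TLS_AEGIS_128L_SHA256, and the object, QUIC and provider changes visible on this page register only AEGIS-128L. If AEGIS-256 is not implemented elsewhere in the commit, these public macros name a suite the library cannot negotiate. Either drop them or mark them with a comment such as `/* reserved, not yet implemented */`. The two pairs are also listed in opposite order in the two hunks (256 then 128L by code point, 128L then 256 by name), which is worth making consistent.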
3 changes: 3 additions & 0 deletions providers/defltprov.c
@@ -313,6 +313,9 @@ static const OSSL_ALGORITHM_CAPABLE deflt_ciphers[] = {
ALG(PROV_NAMES_ChaCha20_Poly1305, ossl_chacha20_ossl_poly1305_functions),
# endif /* OPENSSL_NO_POLY1305 */
#endif /* OPENSSL_NO_CHACHA */
#ifndef OPENSSL_NO_AEGIS
ALG(PROV_NAMES_AEGIS_128L, ossl_aegis_128l_functions),
#endif
{ { NULL, NULL, NULL }, NULL }
};
static OSSL_ALGORITHM exported_ciphers[OSSL_NELEM(deflt_ciphers)];
7 changes: 7 additions & 0 deletions providers/implementations/ciphers/build.info
@@ -26,6 +26,7 @@ $CHACHA_GOAL=../../libdefault.a
$CHACHAPOLY_GOAL=../../libdefault.a
$SIV_GOAL=../../libdefault.a
$SIV_GCM_GOAL=../../libdefault.a
$AEGIS_GOAL=../../libdefault.a

IF[{- !$disabled{asm} -}]
$GHASHDEF_x86=GHASH_ASM
@@ -206,3 +207,9 @@ IF[{- !$disabled{chacha} -}]
cipher_chacha20_poly1305.c cipher_chacha20_poly1305_hw.c
ENDIF
ENDIF

IF[{- !$disabled{aegis} -}]
SOURCE[$AEGIS_GOAL]=\
cipher_aegis_128l.c cipher_aegis_128l_hw.c
ENDIF
